
Re: [iaik-ssl] Problem with getCertificateChain(..)



SSLCertificate.getCertificateChain() returns an array of
java.security.cert.X509Certificate. Since you are using
iaik.x509.X509Certificate, a cast is necessary.
You may use the convertCertificateChain method of the iaik.utils.Util class
of IAIK-JCE to convert the chain:

iaik.x509.X509Certificate[] certChain =
iaik.utils.Util.convertCertificateChain(certificate.getCertificateChain());

Dieter Bratko

----- Original Message -----
From: Tom Runnacles <thr1@elec.qmw.ac.uk>
To: iaik-ssl <iaik-ssl@iaik.tu-graz.ac.at>
Sent: Thursday, July 29, 1999 9:14 PM
Subject: [iaik-ssl] Problem with getCertificateChain(..)


> Hi,
>
> I'm having some problems getting the isTrustedPeer method to compile in
> a class implementing ClientTrustDecider.  I have the line:
>
> X509Certificate[] certChain=certificate.getCertificateChain();
>
> At compile time, I get an error saying that I need an explicit cast to
> convert java.security.cert.X509Certificate[] to
> iaik.x509.X509Certificate[].  IAIK is added as a provider, and
> iaik.x509.X509 has been imported.  Any suggestions?
>
> Thanks,
>
> Tom Runnacles
>
> PS: Here's the source code for the whole class if that helps:
>
> import iaik.security.provider.*;
> import iaik.security.provider.IAIK;
> import iaik.x509.*;
> import iaik.asn1.structures.*;
> import iaik.asn1.*;
> import iaik.pkcs.PKCSException;
> import iaik.pkcs.pkcs12.KeyBag;
> import iaik.pkcs.pkcs12.PKCS12;
> import iaik.pkcs.pkcs12.CertificateBag;
> import iaik.security.ssl.*;
> import iaik.security.ssl.ClientTrustDecider;
> import iaik.x509.RevokedCertificate;
> import iaik.x509.X509Certificate;
>
> import java.io.*;
> import java.security.cert.CertificateException;
> import java.math.BigInteger;
> import java.util.*;
> import java.security.*;
>
>
>
> class UserTrustDecider implements ClientTrustDecider
> {
>     X509Certificate peerCert;
>     X509Certificate CACert;
>     X509Certificate myCert;
>     PrivateKey myPrivateKey;
>
>     private boolean debugging=true;
>
>     public UserTrustDecider(X509Certificate cert, X509Certificate cacert, PrivateKey key)
>     {
>         IAIK.addAsProvider(true);
>         CACert=cacert;
>         myCert=cert;
>         myPrivateKey=key;
>
>     }
>     public UserTrustDecider(X509Certificate cacert)
>     {
>         CACert=cacert;
>     }
>     public SSLCertificate getCertificate(byte[] types, Principal[] certificateAuthorities, String keyExchangeAlgorithm)
>     {
>         X509Certificate[] certArray=new X509Certificate[1];
>         certArray[0]=myCert;
>         SSLCertificate SSLCert=new SSLCertificate(certArray);
>         return SSLCert;
>     }
>     public PrivateKey getPrivateKey()
>     {
>         return myPrivateKey;
>     }
>     public boolean isTrustedPeer(SSLCertificate certificate)
>     {
>
>         try
>         {
>             if (certificate==null)
>             {
>                 debug("A Null Certificate");
>                 return false;
>             }
>             else
>             {
>                 X509Certificate[] certChain=certificate.getCertificateChain();
>                 debug("Got the CertificateChain");
>                 X509Certificate client=certChain[0];
>                 debug("Got the X509Certificate");
>                 client.verify(CACert.getPublicKey());
>                 debug("Verifies with the CACert");
>                 peerCert=client;
>                 return true;
>
>             }
>         }
>         catch (Exception e)
>         {
>             debug("Doesn't verify with the CACert");
>             return false;
>         }
>
>     }
>     public X509Certificate getPeerCertificate()
>     {
>         return peerCert;
>     }
>     private void debug(String s)
>     {
>         if (debugging)
>         {
>             System.out.println("UserTrustDecider :"+s);
>             System.out.flush();
>         }
>     }
>
> }
>
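
The chain check from the quoted isTrustedPeer, done with the JDK's own PKIX validator on the java.security.cert.X509Certificate[] type that the reply says getCertificateChain() returns, so no cast or conversion is involved. This is an added example, not code from the thread or from IAIK; the names ChainCheck and chainTrusted are hypothetical, and it goes beyond the single verify() call in the post by also checking validity dates and every link of a leaf-first chain. Assumptions: revocation checking is switched off, and the demo input is taken from the JDK's default trust store.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ChainCheck {
    // Hypothetical helper: validates a leaf-first chain (chain[0] is the peer)
    // against a single CA certificate used as the only trust anchor.
    static boolean chainTrusted(X509Certificate[] chain, X509Certificate caCert) {
        if (chain == null || chain.length == 0 || caCert == null) {
            return false; // reject empty input explicitly instead of relying on the validator
        }
        try {
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Arrays.asList(chain));
            PKIXParameters params = new PKIXParameters(
                    Collections.singleton(new TrustAnchor(caCert, null)));
            params.setRevocationEnabled(false); // assumption: no CRL/OCSP source in this demo
            // Checks signatures, validity period, name chaining and CA constraints.
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            return false; // any validation failure means "not trusted"
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: self-signed, currently valid roots from the
        // JDK's default trust store stand in for the peer chain and the CA.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        List<X509Certificate> roots = new ArrayList<>();
        for (X509Certificate c : tm.getAcceptedIssuers()) {
            try {
                c.checkValidity();
                if (c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) roots.add(c);
            } catch (CertificateException expiredOrNotYetValid) { /* skip this root */ }
        }
        X509Certificate[] chain = { roots.get(0) };
        System.out.println("against its own CA:   " + chainTrusted(chain, roots.get(0)));
        System.out.println("against another CA:   " + chainTrusted(chain, roots.get(1)));
    }
}
```

Inside a ClientTrustDecider, the array returned by certificate.getCertificateChain() would be passed as the first argument and the configured CA certificate as the second.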

